Episodes

  • In this episode of Cybersecurity Today, host Jim Love covers important security updates and warnings including critical flaws in WinRAR, a patch for a high severity zero-day vulnerability in Windows CLFS, and a security vulnerability in WhatsApp's Windows desktop application. He urges users to update their software to protect against exploits. Additionally, Jim discusses Identity Management Day and the concerning findings from an Okta survey revealing Canadians' growing worries about identity theft. He announces his plan to create a special segment on new identity solutions to address these concerns. The episode also includes a shout-out to the BSides Calgary event for information security professionals.

    00:00 Introduction and Event Announcement
    00:51 Critical Flaws in Compression Utility
    03:33 Microsoft Patches Zero-Day Exploits
    05:01 WhatsApp Security Vulnerability
    06:46 Identity Management Day Insights
    10:13 Conclusion and Contact Information

  • In this episode of Cybersecurity Today, host David Shipley covers a range of crucial issues. With tax day approaching, Microsoft reports a rise in sophisticated tax-themed phishing campaigns. The IRS has issued a warning against using its name in phishing simulations to avoid legal repercussions. Furthermore, cybersecurity journalist Brian Krebs reveals that Minnesota cybersecurity expert Mark Lanterman is under FBI investigation for potentially falsifying his credentials, impacting thousands of court cases. Lastly, several Australian superannuation funds have been targeted in a cyber scam, raising questions about the necessity of multifactor authentication for financial services. The episode emphasizes the need for stringent standards in cybersecurity expertise and shared responsibility in financial security.

    00:00 Introduction and Headlines
    00:24 Tax-Themed Phishing Scams on the Rise
    00:36 Microsoft's Findings and IRS Warnings
    01:32 Phishing Simulations and Legal Risks
    02:53 Educating Employees on Phishing
    03:15 Minnesota Cybersecurity Expert Under Scrutiny
    04:25 Allegations and Legal Implications
    05:52 Australian Retirement Funds Cyber Scam
    06:16 Impact and Response to the Breach
    07:07 The Need for Stronger Security Measures
    08:26 Conclusion and Contact Information

  • In this episode of the cybersecurity month-end review, host Jim Love is joined by Daina Proctor from IBM in Ottawa, Randy Rose from The Center for Internet Security from Saratoga Springs, and David Shipley, CEO of Beauceron Security from Fredericton.

    The panel discusses major cybersecurity stories from the past month, including the Oracle Cloud breach and its communication failures, the misuse of Signal by U.S. government officials, and global cybersecurity regulation efforts such as the UK's new critical infrastructure laws. They also cover notable incidents like the Kuala Lumpur International Airport ransomware attack and the NHS Scotland cyberattack, the continuous challenges of EDR bypasses, and the importance of fusing anti-fraud and cybersecurity efforts. The discussion emphasizes the need for effective communication and stringent security protocols amidst increasing cyber threats.

    00:00 Introduction and Panelist Introductions
    01:25 Oracle Cloud Breach: A Case Study in Incident Communication
    10:13 Signal Group Chat Controversy
    20:16 Leadership and Cybersecurity Legislation
    23:30 Cybersecurity Certification Program Overview
    24:27 Challenges in Cybersecurity Leadership
    24:59 Importance of Data Centers and MSPs
    26:53 UK Cybersecurity Bill and MSP Standards
    28:09 Cyber Essentials and CMMC Standards
    32:47 EDR Bypasses and Small Business Security
    39:32 Ransomware Attacks on Critical Infrastructure
    43:34 Law Enforcement and Cybercrime
    47:24 Conclusion and Final Thoughts

  • In this episode, host Jim Love discusses a rise in unauthorized network scans targeting Juniper and Palo Alto devices, raising concerns about espionage and botnet activities. The podcast also delves into the controversial use of the Signal app by National Security Advisor Mike Waltz's team for sensitive communications, sparking debates on security and legality. Additionally, the episode highlights the potential misuse of OpenAI’s advanced image generation tool for creating fraudulent documents. Finally, it covers the mysterious disappearance of cybersecurity professor JF Wang and his wife, following an FBI and Homeland Security investigation.

    00:00 Introduction and Overview
    00:23 Unauthorized Scans on Network Devices
    02:01 National Security Concerns with Signal App
    05:21 Risks of AI-Generated Images
    07:44 The Disappearance of a Cybersecurity Professor
    09:57 Conclusion and Upcoming Events

  • In this episode of Cyber Security Today, host Jim Love covers several major cybersecurity incidents and vulnerabilities. Key stories include the compromise of Windows Defender and other Endpoint Detection and Response (EDR) systems, a data breach on X (formerly known as Twitter) exposing over 200 million user records, and a security flaw in several UK-based dating apps that led to the exposure of approximately 1.5 million private images. The discussion highlights how attackers are increasingly using legitimate software tools to bypass security measures, the implications of these breaches for users, and offers practical tips for maintaining robust cybersecurity.

    00:00 Introduction to Today's Cyber Security News
    00:29 Compromised Endpoint Detection and Response Systems
    01:06 Bypassing Windows Defender: Methods and Implications
    02:52 Ransomware Tactics and Legitimate Tool Exploits
    04:20 Time Traveling Attacks and EDR Limitations
    06:33 Massive Data Breach on X (Twitter)
    08:30 UK Dating Apps Expose Private Images
    10:47 Fraud Alerts and Scams
    13:25 Conclusion and Final Thoughts

  • Cybersecurity Today: Hacktivism, Solar Power Vulnerabilities, and Global Phishing Challenges

    In this episode of Cybersecurity Today, host David Shipley covers multiple cybersecurity stories including: a Canadian hacker charged for the 2021 Texas GOP hack, vulnerabilities in solar power gear, France's national phishing test for students, and the tragic impact of online fraud in India. Shipley delves into the implications for cybersecurity professionals and emphasizes the need to destigmatize fraud and support victims.

    00:00 Introduction and Headlines
    00:25 Canadian Hacker Charged for Texas GOP Hack
    02:12 Vulnerabilities in Solar Power Gear
    02:56 France's National Phishing Simulation for Students
    04:19 Tragic Consequences of Online Fraud in India
    05:16 Rising Online Fraud and Its Impact in Canada
    06:15 Conclusion and Call to Action

  • In this episode, host Jim Love kicks off his new profile series with a deep dive into the compelling career of Dr. Priscilla Johnson, an environmental advocate at the crossroads of technology and sustainability. Dr. Johnson discusses her work in building a data center in South Africa amidst a severe drought, her tenure as Director of Water Strategy at Microsoft, and her transition into cyber intelligence. She explains how her unique background and empathetic approach have informed her career decisions and advocacy for responsible resource management. The conversation also touches on the importance of situational awareness in cybersecurity, making this episode a must-listen for anyone interested in the intersections of environmental engineering, infrastructure, and cybersecurity.

    00:00 Introduction to the Series
    00:29 Meet Dr. Priscilla Johnson
    00:54 Challenges of Building a Data Center in Africa
    01:16 Dr. Johnson's Background and Role at Microsoft
    02:38 Addressing the Water Crisis in South Africa
    06:34 Innovative Solutions and Collaborations
    19:12 Dr. Johnson's Journey into Environmental Engineering
    24:47 Discovering Texas and Dow Chemical
    25:15 Environmental Impact and Agent Orange
    27:00 Challenges in Environmental Management
    29:00 Maternity Leave and Data Issues
    34:46 Transition to Cybersecurity
    37:19 Cybersecurity Threats and Preparedness
    48:26 Mentorship and Career Advice
    53:20 Conclusion and Final Thoughts

  • Exposing Security Flaws: Government Officials' Data Leaks, Defense Contractor Fines, and Cyber Crime Involvement

    In this episode of Cybersecurity Today, host Jim Love highlights significant cybersecurity breaches affecting US security officials, a government defense contractor, and a Department of Government Efficiency staffer. Personal information of senior US security officials was found accessible online, raising concerns about national security. Morse Corp, a defense contractor, was fined $4.6 million for failing to meet cybersecurity requirements. Additionally, a 19-year-old tech aide from the Department of Government Efficiency was found linked to a cyber crime group, causing alarm due to his recent advisory roles with significant government agencies. The episode underscores the need for stringent cybersecurity practices and accurate compliance within government and defense circles.

    00:00 Introduction and Headlines
    00:24 Exposure of US Security Officials' Personal Information
    02:22 US Defense Contractor's Cybersecurity Failures
    04:40 19-Year-Old Linked to Cyber Crime Ring
    07:05 Conclusion and Final Thoughts

  • Oracle Denies Cloud Hack & Top Secret Military Leaks: Cybersecurity Today

    In today's episode of 'Cybersecurity Today,' host Jim Love delves into Oracle's denial of a claimed breach of its cloud systems, detailing the hacker's allegations and Oracle's firm response. Additionally, the episode explores an accidental leak of top-secret US military information to an editor at the Atlantic, revealing the astonishing lapses in secure communication. The show also covers renowned security expert Troy Hunt's phishing attack incident on his MailChimp account, highlighting vulnerabilities and lessons learned in cybersecurity. Stay tuned for comprehensive insights and expert analysis on these significant security events.

    00:00 Introduction and Oracle Cloud Breach Allegations
    00:52 Oracle's Response and Hacker Demands
    02:07 Classified Military Details Leaked to Journalist
    04:34 Troy Hunt's MailChimp Phishing Attack
    06:17 Lessons Learned and Final Thoughts
    07:38 Conclusion

  • In this episode of 'Cybersecurity Today,' host Jim Love covers several major cybersecurity events. A devastating breach at Oracle Cloud Infrastructure has exposed 6 million records affecting 140,000 businesses, linked to a threat actor known as Rose87168. The attack exploited vulnerabilities in Oracle Fusion Middleware 11G. New browser-in-the-middle attack techniques are discussed, which can steal data by bypassing multi-factor authentication. The episode also highlights a severe vulnerability in Synology's DiskStation Manager software that could allow remote attackers to take full control of affected systems. Lastly, significant budget cuts in the Cybersecurity and Infrastructure Security Agency’s (CISA) Red Team might weaken US government cyber defenses. Critical insights and mitigation strategies for these emerging threats are provided.

    00:00 Massive Oracle Supply Chain Attack
    03:08 Browser in the Middle Attack Explained
    06:03 Synology's Major Security Flaw
    08:08 US Government Red Team Disruptions
    10:31 Conclusion and Final Thoughts

  • The Escalating Cyber Threats Against K-12 Schools: Insights and Solutions

    In this episode of 'Cybersecurity Today,' host Jim Love discusses the rising trends and severe impacts of cyber attacks on K-12 schools with Randy Rose, VP of Security Operations and Intelligence at the Center for Internet Security (CIS). They scrutinize recent studies showing a surge in cyber threats targeting educational institutions, emphasizing the vulnerability of schools and the motives behind these attacks. The discussion covers how cyber criminals exploit budgetary information and schedules to maximize impact, the profound repercussions of ransomware attacks on school communities, and the critical need for better cybersecurity practices and support. Randy Rose shares insights from the 2025 CIS MS-ISAC K-12 Cybersecurity Report and offers practical advice on elevating security standards and fostering community resilience to protect sensitive school data from cyber threats.

    00:00 Introduction to Cybersecurity in Schools
    00:02 Iconic Hacking Movies and Real-Life Cyber Threats
    00:41 The Seriousness of School Cybersecurity
    01:10 Interview with Randy Rose: Introduction and CIS Overview
    01:40 CIS's Role and Randy's Journey
    03:27 Supporting Various Organizations
    04:26 Challenges Faced by Schools and Local Governments
    06:21 Cybersecurity Threats and Attack Patterns
    09:11 Impact of Cyber Attacks on Schools
    13:22 Detailed Findings from the CIS Report
    19:16 Human Factor in Cybersecurity
    19:29 Supply Chain and Data Security
    27:13 The Role of AI in Cybersecurity
    30:49 Ransomware and Its Devastating Effects
    32:27 Recommendations for Improving School Cybersecurity
    34:01 Conclusion and Final Thoughts

  • Cybersecurity Today: Critical IBM AIX Vulnerability and Major Browser Exploits Revealed

    In this episode, host Jim Love discusses pressing cybersecurity issues, including a vulnerability in IBM's AIX operating system that scored a perfect 10 for severity, leaving critical sectors exposed to remote attacks. The episode also covers the mishandling of sensitive data by U.S. government agencies amid rapid layoffs, the viral exposure of dangerous browser exploits by YouTuber Matt Johansson, and the removal of over 300 malicious Android apps from the Google Play Store. Key recommendations for protecting against these threats are provided.

    00:00 Introduction to Cybersecurity News
    00:26 IBM AIX Vulnerabilities Exposed
    02:12 Government Layoffs and Security Risks
    04:02 Browser Exploits and Malicious Extensions
    06:39 Malicious Android Apps on Google Play
    08:45 Conclusion and Upcoming Topics

  • Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations

    In this episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues including the exploitation of a server-side request forgery (SSRF) vulnerability in OpenAI's ChatGPT infrastructure (CVE-2024-27564), leading attackers to redirect users to malicious URLs. He also talks about how researchers at Tiny Hack have made breakthroughs in cracking Akira ransomware using high-powered GPUs, and Malwarebytes' warning about malware embedded in free online file converters. The episode highlights the importance of robust cybersecurity measures, innovative methods to combat ransomware, and cautious internet usage.

    00:00 Introduction to Cybersecurity Threats
    00:19 Exploiting ChatGPT Vulnerabilities
    02:15 Cracking Akira Ransomware
    05:01 Malware in Free Online Converters
    07:12 Conclusion and Listener Support

  • Critical Cybersecurity Updates: Ransomware, VPN Breaches, and Microsoft Vulnerabilities

    In this episode of 'Cybersecurity Today,' host Jim Love delves into emerging threats and vulnerabilities in the digital world. The Black Basta Ransomware Group has created a brute force tool to target VPNs and firewalls. The FBI and CISA alert users about Medusa ransomware, which has impacted over 300 organizations. A critical flaw in the popular Updraft Plus WordPress plugin is highlighted, exposing sensitive data. The FBI reports a surge in toll payment scams, and Microsoft's latest security update addresses severe vulnerabilities in Remote Desktop Services. Additionally, a breach within the Department of Government Efficiency underscores the risks of improper data handling. Stay informed about how to protect your systems and data in this comprehensive cybersecurity update.

    00:00 Introduction to Cybersecurity News
    00:27 Black Basta Ransomware Group's New Tool
    02:18 Medusa Ransomware Advisory
    03:43 WordPress Updraft Plus Vulnerability
    05:12 Toll Payment Scams on the Rise
    06:40 Microsoft's Critical RDS Vulnerabilities
    09:35 DOGE's Treasury Data Breach
    11:37 Conclusion and Contact Information

  • Unveiling Cyber Security Insights with David Shipley: The Truth Behind Phishing and Technology Bias

    Join Jim Love and cybersecurity expert David Shipley in this insightful episode of 'Cyber Security Today.' They delve into the realities of phishing in the workplace, revealing surprising data about email filter leakage rates and the critical role of human behavior in cybersecurity. Discover the importance of balanced security training, the dangers of over-reliance on technology, and the psychological biases that can compromise your organization. Gain actionable insights and learn how to benchmark your cybersecurity efforts effectively.

    00:00 Introduction to Cybersecurity Today
    00:10 The Fascination with Science and Truth
    00:31 Heroes and Influences
    00:47 The Reality of Tech Research
    01:43 Phishing Email Statistics
    03:52 Technology Bias in Cybersecurity
    07:30 The Importance of Security Awareness
    15:02 Effective Training Strategies
    20:53 Optimism Bias and Security
    21:57 Exploring Popular Courses and Their Impact
    23:33 Understanding Phishing Metrics: Click Rate and Report Rate
    26:28 The Importance of Post-Click Report Rate
    31:39 Analyzing Industry Trends in Phishing
    35:00 Key Takeaways and Future Directions
    39:29 Accessing the Annual Report and Final Thoughts

  • Cybersecurity Madness: Halting Operations, Google Gemini, and Fake Captchas

    In this episode, host Jim Love delves into controversial cybersecurity decisions and the latest trends. The US government's directive to halt offensive cyber operations against Russia sparks debate about national security. Google Gemini's new personalized services interface with users' search histories, raising privacy concerns. Additionally, there's a discussion on rising fake Captcha scams designed to install malware on users' systems. Jim also shares a real-world hacking incident involving a small utility company compromised by a Chinese state-sponsored hacking group. Tune in to explore these pressing issues and more in the world of cybersecurity.

    00:00 Introduction: Has the US Government Lost Its Mind?
    00:44 Controversial Cybersecurity Decisions
    01:12 Expert Opinions on Cybersecurity
    03:02 Google Gemini: Personalized AI Assistant
    04:59 Cyber Threats to Utilities
    06:53 The Rise of Fake Captchas
    08:57 Conclusion and Upcoming Content

  • Cybersecurity Today: From DDoS Attacks to Developer Sabotage

    In today's episode, host Jim Love discusses several major cybersecurity incidents: the pro-Palestinian group Dark Storm's claimed DDoS attack on X (Twitter) and its implications; the impact of budget cuts from the Department of Government Efficiency on the US Cybersecurity and Infrastructure Security Agency; the recovery of $23 million from the Ripple wallet hack allegedly linked to the LastPass breach; New York State's lawsuit against Allstate Insurance for inadequate data security and resultant breaches compromising 200,000 individuals' data; and finally, the conviction of a developer who sabotaged his employer's systems post-termination. The episode underscores the importance of robust cybersecurity measures and responsible handling of personnel changes.

    00:00 Pro-Palestinian Group Claims Credit for Twitter Outage
    02:51 US Cybersecurity Agency Faces Devastating Cuts
    04:23 US Authorities Recover $23 Million from Cryptocurrency Hack
    06:31 New York Sues Allstate Over Data Breaches
    09:12 Developer Sentenced for Malicious Code Sabotage
    11:34 Support the Podcast

  • This episode also covers recent ransomware as a service (RaaS) trends, including the rise of SpearWing and Akira groups, advanced ransomware techniques exploiting IoT vulnerabilities, and issues with the ESP32 microcontroller's hidden commands. Additionally, Signal President Meredith Whittaker warns about privacy risks in agentic AI systems. Tune in for in-depth cybersecurity updates and more.

    00:00 The Talk: Supporting Our Podcast
    01:37 Cybersecurity Today: Ransomware as a Service
    04:57 Akira Ransomware: Exploiting IoT Devices
    06:50 ESP32 Microcontroller Vulnerabilities
    08:21 AI Agents: Privacy and Security Risks
    09:56 Conclusion and Contact Information

  • Understanding Insider Threats in Cybersecurity with Eran Barak

    Join host Jim Love as he discusses the critical issue of insider threats in cybersecurity with Eran Barak, CEO of MIND, a data security firm. In this episode, they explore the various types of insider threats, from innocent mistakes to malicious actors, and how companies can effectively protect their sensitive data. Learn about data loss prevention strategies, the impact of remote work, and the role of AI in enhancing data security. Get insights on practical steps that CISOs can take to mitigate risks and safeguard their organization's crown jewels.

    00:00 Introduction and Guest Welcome
    00:10 Understanding Insider Threats
    01:20 Types of Insider Threats
    02:18 Monitoring and Preventing Data Leaks
    03:37 Remote Work and Security Risks
    06:03 Access Control and Permissions
    08:41 Real-World Scenarios and Solutions
    21:20 The Role of AI in Data Security
    34:53 Final Thoughts and Conclusion

  • Cybersecurity Today: Rising Fraud in Canada and Major Cyber Crime Crackdowns

    Welcome to another episode of Cybersecurity Today with your host, Jim Love. As fraud prevention month begins, we delve into the rising fraud rates in Canada, with new data from Equifax revealing Canadians' growing concerns about data protection, particularly among seniors and Quebec residents. We also cover the significant international law enforcement actions that dismantled the 8Base ransomware group and Garantex, a Russian cryptocurrency exchange linked to cybercriminal activities. Additionally, we discuss the emergence of a new botnet orchestrating record-breaking DDoS attacks, highlighting the persistent vulnerabilities in IoT devices. Don't miss our deeper analysis and the latest updates in cybersecurity.

    00:00 Introduction to Fraud Prevention Month
    00:23 Rising Fraud Concerns in Canada
    02:24 Law Enforcement Actions Against Cyber Crime
    04:34 Emergence of a New Botnet
    06:46 Conclusion and Upcoming Shows